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CLAIM AMENDMENTS 



2 Listing of Claims: 

3 CLAIMS 

4 1 . (currently amended) A method for maintaining privacy for transactions pcrformablc by 

5 comprising employing a user device-(2e) having a security module-(33) with a privacy 

6 certification authority computer-(3e) and a verification computerf4e), the verification computer 

7 (4^ having obtained public keys firom the privacy certification authority computer (50) and fi^om 

8 an issuer^ that provides attestation of the security module (33), the method further comprising 

9 the steps of: 

1 0 - receiving a first and second set of attestation-signature value s (Di\i\l, DAA2), the first set of 

1 1 attestation-signature value s (DAi\l) being generated by the user device ^0) using first 

1 2 attestation value s (AVI) obtained fi-om the issuer and the second set of attestation-signature 

1 3 value s (Di\A2) being generated by the user device (3^ using second attestation values (3¥V3) 

1 4 obtained from the privacy certification authority computer (^; 

1 5 - checking the validity of the first set of attestation-signature values (DAi\l) with the public key 

16 of the issuer (iO); 

17 - checking the validity of the second set of attestation-signature values ^. W) with the public 

1 8 key of the privacy certification authority computer and 

1 9 - verifying whether or not the twe first and second sets of attestation-signature values (Di\i\l, 

20 DAA2) relate to the user device (30). 

21 2. (currently amended) The method according to claim 1 , wherein the step of verifying 

22 comprises the step of: verifying that a first value is derived from a base value, comprised in the 

23 first set of attestation-signature values (DAAl) , and identical to a second value that is derived 

24 fixjm said base value and is comprised in the second set of attestation-signiture values (DAA2). 

25 1. 
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1 3. (currently amended) The method according to claim 1 , wherein the step of verifying 

2 comprises the step of: verifying a proof that the two first and second attestation-signature values 

3 (DAAl,Di\i\2) are based on the first and second attestation value s (AVI, AV2) that are derived 

4 firom at least one common value-(f). 

5 2. 

6 4. (original) The method according to claim 2, v^herein the base value is different each time the 

7 method is applied. 

8 5. (currently amended) The method according to claim 3, wherein the common value-(f) is 

9 derived from an endorsement key-fEK) that is related to the security module (23). 

10 6. (currently amended) A method for maintaining privacy for transactions pcrformablc by 

1 1 comprising employing a user device (20) having a security module (33) with a privacy 

1 2 certification authority computer (30) and a verification computer (40), the privacy certification 

1 3 authority computer (30) havmg obtained a public key fi-om an issuer (10) that provides attestation 

14 of the security module (22); the method further comprising the steps of: 

15 - receiving an initial set of attestation-signature values (DAAr) from the user device (20), the 

1 6 initial set of attestation-signature values (DAAr) being generated by the user device (20) using 

1 7 first attestation values (AVI) obtained fi-om the issuerflO); 

1 8 - checking the validity of the initial set of attestation-signature values ^-AA4) vsdth the public 

1 9 key of the issuer-(l^; 

20 - responsive to the checking step issuing second attestation values (AV2) that relate to the initial 

21 set of attestation-signature values (DAAl'); and 

22 - providing the second attestation values (AV2) to the user device (20), a second set of 

23 attestation-signature values (DAA2) being derivable firom the second attestation values (AV2) , 

24 wherein it is verifiable that a first set of attestation-signature values (DAAl) and the second set 

25 of attestation-signature values (DAA2) relate to the user device (30), the first set of 

26 attestation-signature values (DAAl) is generatable by the user device (20) using first attestation 

27 values (AVI) obtained fi-om the issuer-(iO). 
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7. (currently amended) The method according to claim 6, wherein the step of issuing the second 

2 attestation values <AV2) further comprises the step of: receiving a request value from the user 

3 device ^ and verifying whether the request value relates to the initial set of 

4 attestation-signature values (DAAl'). 



5 



8. (currently amended) A method fer comprising maintaining privacy for transactions 

6 perfoimable by a user device ^ havmg a security module (33) with a privacy certification 

7 authority computer (39) and an verification computer (4e), the user device (20) having obtained 

8 first attestation values (AVI) from an issuer^ and second attestation values^AV2) from the 

9 privacy certification authority computer (50), the metifeed step of maintaining comprising the 

10 steps of: 

1 1 - generating a first set of attestation-signature values (BAM) by using the first attestation values 

12 (AVI) and a second set of attestation-signature values (DAA2) by using the second attestation 

13 values (AV2); and 

14 - sending the first and second set of attestation-signature values (DAAl, DAA2) to the 

15 verification computer (40), 

1 6 wherein the verification computer (40) is able to check the validity of the first set of 

1 7 attestation-signature values (DAAl) with an issuer public key (PK,) of the issuer-fW), the 

1 8 validity of the second set of attestation-signature values (DAA2) with an authority public key 

1 9 (PKpca) of the privacy certification authority computer (30), and 

20 to verify that the ^ flr^^t and second sets of attestation-signature values (DA;\1, Di\i\2) relate 

21 to the user device (20). 



22 9. (currently amended) The method according to claim 8, wherein the step of generating 

23 comprises using an endorsement key (H^ that is related to the security module (22). 

24 1 0. (currently amended) A computer program element comprising program code means 

25 performing the method of any one of tlic claimo 1 to 9 claiml when said program is run 

26 computer. 
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1 11. (currently amended) A computer program product stored on a computer usable medium, 

2 comprising computer readable program means for causing a computer to perform the method 

3 according to any one of the claims 1 to 9 claim 1 . 

4 12. (currently amended) A system for maintaining privacy while computers performing 

5 transactions comprising: 

6 an issuerfW) providing an issuer public key (PKi); 

7 a user device f20) having a security module f22) for generating a first set of 

8 attestation-signature values (DAAl) ; 

9 a privacy certification authority computer (30) for providing an authority public key 

10 (PKpca) and issuing second attestation values (AV2) ; and 

1 1 a verification computer (40) for checking the validity of the first set of 

12 attestation-signature values (DAAl) with the issuer public key (PKi) and the validity 

13 of a second set of attestation-signature values (DAA2) with the authority public key 

1 4 (PKpca), the second set of attestation-signature values (DAA2 ) being derivable by 

1 5 the user device (20) from the second attestation values (AV2), 

16 wherein it is verifiable that the twe first and second sets of attestation-signature values 

1 7 (Di\AUDAA2) relate to the user device (20). 

18 13. (new) An article of manufacture comprising a computer usable medium having computer 

19 readable program code means embodied therein for causing maintenance of privacy for 

20 transactions, the computer readable program code means in said article of manufacture 

21 comprising computer readable program code means for causing a computer to effect the steps of 

22 claim 6. 

23 14. (new) A program storage device readable by machine, tangibly embodying a program of 

24 instructions executable by the machine to perform method steps for maintaining privacy for 

25 transactions, said method steps comprising the steps of claim 6. 
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1 15. (new) An article of manufacture comprising a computer usable medium having computer 

2 readable program code means embodied therein for causing maintenance of privacy for 

3 transactions, the computer readable program code means in said article of manufacture 

4 comprising computer readable program code means for causing a computer to effect the steps of 

5 claim 8. 

6 16. (new) A program storage device readable by machine, tangibly embodying a program of 

7 instructions executable by the machine to perform method steps for maintaining privacy for 

8 transactions, said method steps comprising the steps of claim 8. 

9 17. (new) A computer program product comprising a computer usable medium having computer 

10 readable program code means embodied therein for causing maintenance of privacy for 

1 1 transactions, the computer readable program code means in said computer program product 

12 comprising computer readable program code means for causing a computer to effect the 

1 3 functions of claim 1 2. 

14 18. (new) The method according to claim 1 , 

1 5 wherein the step of verifying comprises verifying that a first value is derived from a base value, 

16 comprised in the first set of attestation-signature values, and identical to a second value that is 

17 derived fi-om said base value and is comprised in the second set of attestation-signature values; 

18 wherein the step of verifying comprises verifying a proof that the first and second 

19 attestation-signature values are based on the first and second attestation values that are derived 

20 from at least one common value; 

2 1 wherein the base value is different each time the method is applied; and 

22 wherein the common value is derived from an endorsement key that is related to the security 

23 module. 
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1 19. (new) An article of manufacture comprising a computer usable medium having computer 

2 readable program code means embodied therein for causing maintenance of privacy for 

3 transactions, the computer readable program code means in said article of manufacture 

4 comprising computer readable program code means for causing a computer to effect the steps 

5 claim 18. 

6 20. (new) A program storage device readable by machine, tangibly embodying a program of 

7 instructions executable by the machine to perform method steps for maintaining privacy for 

8 transactions, said method steps comprising the steps of claim 1 8. 
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